On Dec 11, 11:01pm, James Strompolis wrote:
} Subject: RE: Wingate?
} Yup, I think that was the hole. Like I said, fuzzy on the details.
} Although, I thought there was some mention of being able to pass through
} Wingate to the internal machine if the installer did not follow the readme
} to change some default setting(s?) that needed to be changed. Deerfield's
} fix, as I remember it, was to release a new version with the default
} changed to the opposite setting.
I don't think inside machines were at risk, I think it was just the
ability to connect from an outside machine to the Wingate machine and
hop from there to another outside machine that was a problem.
} There was some sort of script released to take advantage of it. The author
} pulled it very quickly when it got distributed beyond a small group of
} people it was supposed to stay within. I probably remember this one wrong,
} though?
This sounds about right. There was a lot of discussion about this in
news.admin.net-abuse.*.
} - James Strompolis
} Aleph Consultants, Inc.
} jimst @
enteract .
com
}
} On Thursday, December 11, 1997 11:12 AM, H. Morrow Long
} [SMTP:morrow .
long @
yale .
edu] wrote:
} > >- James Strompolis
} > >On an older version of Wingate, there was a hole that could let anyone
} in.
} > > It was there by design. I'm a little fuzzy on the details now. Do a
} > >search for Wingate on DejaNews in the computer security groups and you
} will
} > >find articles relating to this problem.
} >
} > The hole was that the telnet proxy would allow outsiders to use your
} proxy
} > to connect out to other sites on the Internet. They could then hide
} their
} > originating IP address from the ultimate destination or attempt to get
} > around US-only IP address restrictions, etc.
It's also a popular exploit for email and usenet spammers and mail bombers.
They can use this to hide their true location and deflect the consequences
of their network abuse.